Lecture 8 Thread Safety.

Slides:



Advertisements
Similar presentations
50.003: Elements of Software Construction Week 6 Thread Safety and Synchronization.
Advertisements

CSE 303 Lecture 16 Multi-file (larger) programs
Composition CMSC 202. Code Reuse Effective software development relies on reusing existing code. Code reuse must be more than just copying code and changing.
Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.
1 CSCI 6900: Design, Implementation, and Verification of Concurrent Software Eileen Kraemer August 24 th, 2010 The University of Georgia.
Chapter 7: User-Defined Functions II Instructor: Mohammad Mojaddam.
Concurrency 101 Shared state. Part 1: General Concepts 2.
1 CSC321 §2 Concurrent Programming Abstraction & Java Threads Section 2 Concurrent Programming Abstraction & Java Threads.
Threading Part 2 CS221 – 4/22/09. Where We Left Off Simple Threads Program: – Start a worker thread from the Main thread – Worker thread prints messages.
Assignment – no class Wednesday All: watch the Google Techtalk “Getting C++ Threads Right” by Hans Boehm at the following link in place of Wednesday’s.
Synchronization in Java Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
1 Sharing Objects – Ch. 3 Visibility What is the source of the issue? Volatile Dekker’s algorithm Publication and Escape Thread Confinement Immutability.
29-Jun-15 Java Concurrency. Definitions Parallel processes—two or more Threads are running simultaneously, on different cores (processors), in the same.
CS510 Concurrent Systems Class 5 Threads Cannot Be Implemented As a Library.
A. Frank - P. Weisberg Operating Systems Introduction to Cooperating Processes.
02/14/2007CSCI 315 Operating Systems Design1 Process Synchronization Notice: The slides for this lecture have been largely based on those accompanying.
Multithreading.
A Bridge to Your First Computer Science Course Prof. H.E. Dunsmore Concurrent Programming Threads Synchronization.
Lecture 8 Inheritance Richard Gesick. 2 OBJECTIVES How inheritance promotes software reusability. The concepts of base classes and derived classes. To.
© 2009 Matthew J. Sottile, Timothy G. Mattson, and Craig E Rasmussen 1 Concurrency in Programming Languages Matthew J. Sottile Timothy G. Mattson Craig.
Concurrency, Mutual Exclusion and Synchronization.
Lecture 5 : JAVA Thread Programming Courtesy : MIT Prof. Amarasinghe and Dr. Rabbah’s course note.
SPL/2010 Safety 1. SPL/2010 system designing for concurrent execution environments ● system: collection of objects and their interactions ● system properties:
Internet Software Development Controlling Threads Paul J Krause.
Multithreading in Java Sameer Singh Chauhan Lecturer, I. T. Dept., SVIT, Vasad.
Sharing Objects  Synchronization  Atomicity  Specifying critical sections  Memory visibility  One thread’s modification seen by the other  Visibility.
SPL/2010 Synchronization 1. SPL/2010 Overview ● synchronization mechanisms in modern RTEs ● concurrency issues ● places where synchronization is needed.
CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Examples: Simple BIR-Lite Examples Copyright 2004, Matt Dwyer, John Hatcliff,
Comunication&Synchronization threads 1 Programación Concurrente Benemérita Universidad Autónoma de Puebla Facultad de Ciencias de la Computación Comunicación.
System Programming Practical Session 4: Concurrency / Safety.
Object Oriented Programming. OOP  The fundamental idea behind object-oriented programming is:  The real world consists of objects. Computer programs.
5.1 Basics of defining and using classes A review of class and object definitions A class is a template or blueprint for an object A class defines.
Agenda  Quick Review  Finish Introduction  Java Threads.
Concurrency in Java MD. ANISUR RAHMAN. slide 2 Concurrency  Multiprogramming  Single processor runs several programs at the same time  Each program.
Principles of Software Development
Topic: Classes and Objects
EECE 310: Software Engineering
Background on the need for Synchronization
Java Primer 1: Types, Classes and Operators
Atomic Operations in Hardware
Atomic Operations in Hardware
Multithreading in Java
Threads and Concurrency in Java: Part 2
Lecture 8 Thread Safety.
Synchronization Lecture 23 – Fall 2017.
Lecture 22 Inheritance Richard Gesick.
Implementing synchronization
More on Thread Safety CSE451 Andrew Whitaker.
Object Oriented Programming
Threads and Memory Models Hal Perkins Autumn 2009
Multithreading.
Concurrency in Java Last Updated: Fall 2010 Paul Ammann SWE 619.
Dr. Mustafa Cem Kasapbaşı
Java Concurrency 17-Jan-19.
Java Concurrency.
Java Concurrency.
Threads and Multithreading
Foundations and Definitions
Java Concurrency 29-May-19.
Problems with Locks Andrew Whitaker CSE451.
CSE 332: Concurrency and Locks
Review for Midterm 3.
CMSC 202 Threads.
Threads CSE451 Andrew Whitaker TODO: print handouts for AspectRatio.
四時讀書樂 (春) ~ 翁森 山光照檻水繞廊,舞雩歸詠春風香。 好鳥枝頭亦朋友,落花水面皆文章。 蹉跎莫遣韶光老,人生唯有讀書好。
SPL – PS3 C++ Classes.
More concurrency issues
Threads and concurrency / Safety
Presentation transcript:

Lecture 8 Thread Safety

Concurrent Systems: Properties Safety: Nothing unplanned ever happens to the values or expected results Correctness The system does what it was meant to Reusability The objects can be reused in several systems without changing code Liveness System advances in its execution of code Performance Intended activity eventually completes, and uses resources efficiently

Safety: Definition Nothing bad should ever happen to a shared object: Objects should change only following the programmer intentions Multi-threaded safety: Problem: safety in concurrent systems cannot be checked at compile time! It requires both correct system design, and correct system implementation Designing concurrent systems that use resource sharing is difficult! Todays concurrent systems steer away from sharing resources! Alleviating concurrent systems safety issues: Can be done by applying conditions on classes Three kinds of conditions: pre-condition, post-condition, and invariant

Example: EvenCounter Class 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 /* A simple counter class, which keeps an even counter value */ class EvenCounter { /* the internal state counter */ private int counter = 0; /* default constructor */ public EvenCounter() { } int getCounter() { return counter; } int setCounter(int count) { counter = count; } /* increment the counter. * return the current counter value */ public int increment() { setCounter(getCounter() + 1); return getCounter(); } We wish to ensure the state consistency of a class instance, we ensure the consistency of the following: Object State: counter value must be even value at all times Operations: increment() counter

Class Conditions: Definitions These are statements about the state of the object Pre Conditions: @PRE <condition> Condition must hold before executing the method Post Conditions: @POST <condition> Condition must hold after the method finishes its execution Invariant: @INV <condition> These statements must hold throughout the lifetime of the object

Class EvenCounter: Conditions What is a possible pre-condition on increment()? In what state the object is in before executing this method? Counter value is even! What is a possible post-condition on increment()? In what state the object will be in after executing this method? Counter value is even What will happen to object state once we finish executing this method? Counter has been incremented What are possible invariant conditions on the state of the object? Internal counter always remains even Counter value might change during actions on or by the object

EvenCounter Example: Adding Conditions 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 /* A simple counter class, which keeps an even counter */ class EvenCounter { /* the internal state counter * @INV counter % 2 = 0 */ private int counter = 0; /* default constructor */ public EvenCounter() { } int getCounter() { return counter; } int setCounter(int counter) { this.counter = counter; } /* increment the counter. * return the updated counter value * @PRE getCounter() % 2 = 0 (this is redundant, as it is promised by the @INV) * @POST @POST(getCounter()) = @PRE(getCounter())+2 public int add() { setCounter(getCounter() + 1); return getCounter(); }

Consistency and computation We introduced the pre/post and inv conditions to define: “an object is in consistent state”. Only the object can update its own internal state. Construction: after the constructor exits, @inv holds.

Consistency and computation Each time a method is called: @pre condition should be checked. After the method finishes computing: @post condition should be checked. Definition: The safety condition for a system’s run is that all object conditions are held - as viewed from the perspective of each object.

Consistency and computation While a method is executing, there is no constraint that the @inv remains enforced. Example: add()method in EvenCounter.

Thread Safety: EventCounter Example 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 /* a simple class which has a reference to an EvenCounter object. */ class Adder implements Runnable { /* the reference to an EvenCounter Object */ private EvenCounter evenCounter; /* simple constructor * @param evenCounter a reference to an EvenCounter object */ public Adder(EvenCounter evenCounter) { this.evenCounter= evenCounter; } /* increment the counter 10 times*/ public void run() { for (int i=0; i<10; i++) System.out.println(evenCounter.increment()); } public static void main(String[] args) { // Note: a single Even instance is shared by 2 Adder instances. EvenCounter evenCounter = new EvenCounter(); Thread t1 = new Thread(new Adder(evenCounter)); Thread t2 = new Thread(new Adder(evenCounter)); t1.start(); t2.start(); Two threads, each one incrementing the same object 10 times, we expect 40 with increments of two for each increment() execusion Expected result?

…EvenCounter class is not thread safe run:  2 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 38 40 …EvenCounter class is not thread safe

Dangers of Concurrent Execution Code correctness? all computations involving this code are correct. In sequential RTE: analyze each method. check all potential execution paths. make sure the @inv, @pre and @post hold in the concurrent execution model?

Investigation At some point in each thread's execution, the thread is preempted by the environment in favor of another thread. The preemption may take place any time during the execution of the thread. add()  - performs many more actions than you can see…

Investigation pseudo JVM code: execution of any thread may be interrupted at any line…

Investigation Run: After this run: (before the print()) counter = 5! 2 5 7 9 11 13 15 17 19 … After this run: (before the print()) counter = 5!

Repair?   Unfortunately, a thread can be interrupted before line 3.

interleaving of execution Assume counter_ = 2 at time t0 T1 executes line 1 and is interrupted. (c == 2 / @pre holds) T2 executes line 1 and is interrupted. (c == 2 / @pre holds) T1 executes lines 2 and 3 (c == 4 / @post holds / @inv holds) T2 executes lines 2 and 3 (c == 4 / @post holds / @inv holds)

Interleaving of execution Same object - shared between 2 threads (T1, T2) Object executes the method add() twice – state of the object is incremented only once. Local constraints (@inv / @pre / @post) never failed. T1 thinks all is fine. T2 thinks all is fine. Your bank account is wrong!!! "something wrong happened" but our formal tools cannot tell us what.

Reasons behind EvenCounter failure increment()is not an atomic operation Atomic operations are those that preemption does not affect them More: counter = counter + 2 is also not an atomic operation! This combination of reasons breaks our enforced conditions: The code can be preempted Incrementing the counter is not an atomic operation If we have a look locally on each thread The conditions and code are correct! However, globally the code does not enforce the condition!

Computation Correctness: Global Criterion The concurrent execution of a program is correct iff: All @PRE @POST @INV conditions hold throughout the execution Linearizability of the computation Linearizability: Final state of objects: They are in states that could have been reached by a sequential execution Sequence of states: They can be reached, for each object, by a sequential execution Then, the concurrent code can be converted to a sequential one And executed correctly!

Example: abstract computation system Sequences transitions from object perspective: O1: S11 --m1()--> S12 --m2()--> S13 O2: S21 --n1()--> S22 Now consider this example: an abstract computation system involves 2 objects O1 and O2. From the perspective of each object, the computation involves these sequences of transitions:

Example: Linearizability Sequential model RTE: 3 transitions ordered relative to each other into a single execution If no dependency between executions: We can have all possible interleaving: S11 S12 S13 S21 S22 S11 S12 S21 S13 S22 S11 S12 S21 S22 S13 S11 S21 S12 S22 S13 S11 S21 S22 S12 S13 S21 S11 S22 S12 S13 S21 S22 S11 S12 S13

Dependency: n1() is called by O1 during the execution of m2() O1: S11 --m1()--> S12 --m2()--> S13 O2: S21 --n1()--> S22 Additional ordering constraint  S22 > S12 S11 S12 S13 S21 S22 S11 S12 S21 S13 S22 S11 S12 S21 S22 S13 S11 S21 S12 S22 S13 less possible total orderings in the sequential execution

Safety in concurrent RTEs: Any mechanism that we will introduce will: Impose serialization constraints among independent transitions

Safe Concurrent Programming Ingredients Immutability - avoiding state changes. Using this method we avoiding state changes Shared objects are read only No need for exclusive access! The object cannot enter inconsistent states! one thread at a time can access object state, by protecting objects with locks and related constructs.

Safe Concurrent Programming Ingredients Synchronization - dynamically ensuring exclusive access Ensuring that only one thread at a time can access object states, or critical sections of the code. Done by protecting objects with locks and related constructs. Shared objects are accessed sequentially in these critical sections one thread at a time can access object state, by protecting objects with locks and related constructs.

Safe Concurrent Programming Ingredients Containment - Structurally ensuring exclusive access Structurally ensure exclusive access of objects This is done by using design patterns Does not allow concurrent access – only sequential one thread at a time can access object state, by protecting objects with locks and related constructs.

Immutability Definition: If an object cannot change state Immutable object  - cannot be modified after it is created Mutable object - can be modified after it is created If an object cannot change state Then it can never encounter inconsistencies due to concurrent access! Simplest solution for thread safety – in terms of coding No thread may change the internal state of the object Cheap to do at design stage However, code change will require refactoring large parts of code - expensive

immutable EvenCounter new object of EvenCounter - its internal state may not change - ever object is always safe, even in concurrent execution environments.

Creating Immutable Classes No setter methods - such as setX() All fields final and private Immutable instances are always initialized during construction. No method overriding can be done by doing one of the following: Class declared final, or Constructor made private and object construction is done in factory methods. If the member variables include references to mutable objects: Ensure no methods that modify the mutable objects References to the mutable objects are not to be shared or returned. References to external mutable objects passed to the constructor are read only. Copies of internal mutable objects can be returned, never the original variables.

Immutable EvenCounter /* A counter class, which keeps an even counter */ class EvenCounter { /* the internal state counter - it is changed to final * @INV counter % 2 = 0 */ private final int counter; /* private default constructor */ private EvenCounter() { counter = 0; } /* factory method – creates instances of EvenCounter*/ public static EvenCounter create() { return new EvenCounter(); } /* a private constructor * @PRE c % 2 = 0 private EvenCounter(int counter) { this.counter = counter; } /* increment the counter. * return a new Object * @PRE counter % 2 = 0 (this is redundant, as it is promised by the @INV) * @POST @POST(counter) = @PRE(counter_) * @POST @POST(return.counter) = @PRE(this.counter_)+2 public EvenCounter increment() { return new EvenCounter(counter+2); } }

Reminder: Static methods  - use no instance variables of any object of the class they are defined in. cannot access any instance variables. ONLY static variables.

Incrementor and the Main function 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 class Incrementor implements Runnable{ private EvenCounter evenCounter; public Incrementer(EvenCounter evenCounter){ this.evenCounter = evenCounter; } public void run(){ for (int i=0;i<10;i++){ evenCounter = evenCounter.increment(); public int getValue(){ return evenCounter.getValue(); 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 class RunConcurrentCode{ public static void main(String[] args){ Incrementor incrementor1 = new Incrementor(EvenCounter.create()); Incrementor incrementor2 = new Incrementor (EvenCounter.create()); Thread t1 = new Thread(incrementor1); Thread t2 = new Thread(incrementor2); t1.start(); t2.start(); try{ t1.join(); t2.join(); } catch(InterruptedException e){ } int value = incrementor1.getValue() + incrementor2.getValue(); System.out.print(value); } 40, yes Output? Everytime?

Immutable objects are applicable when: Object serves as instances of a simple abstract data type representing values. For example: colors, numbers, strings. different classes supporting different usage can be designed, one immutable and the another updatable. java.lang.String is immutable java.lang.StringBuffer is updatable.

Immutable objects are applicable when: benefit of safe object outweighs cost of copying object each time it changes Copying technique is popular and is valid. trade-off: readability and execution time Java does not support pass-by-copy for non-scalar types. copy by another assignment. In some RTE (not Java though), the actual copying may be delayed to the moment a change occur to the variable, thus saving execution time in some scenarios. multiple objects representing the same values (for a reason not related to safety).

Stateless methods Another aspect of immutability are stateless methods. A stateless method is a method that does not change the object state. provide services

Immutable “Wrapper”

Immutable “Wrapper” Note that the previous example is weak. The server inner fields can be modified even though it is final (either in relay or outside of it). Only the reference field “server” cannot be modified. Modifications: Either server is created inside relay and is not exposed outside. Relay only expose certain methods of server, that do not change the server’s state.